Windows Client Domain_Admin User Not Working for Lookup in AD Database

Solution ID: 31
Created: 7/8/2008
DETAILS:
Issue:
When configuring 2 AD servers (1 for backup), our Windows client AD
domain_admin user could not pass lookup verification. In an attempt to
understand why, we used the adlookup utility against UID 0 for domain_admin:

    C:\program files\ibrix\bin\adlookup.exe -u 0

However, the command returned nothing. We were expecting a successful lookup
to come back, as long as the lookup schema was set up correctly for the
Windows AD 2003 R2 server in use.
Root Cause:
There were 2 AD servers: the win2003 R2 AD server was defined first, then the
win2003 SP2 server without R2 was added as well. SFU was installed on this
backup server, which did not have R2, following the install guide, instead of
just upgrading win2003 SP2 with R2 as recommended. The problem is that the R2
lookup schema is different from the one that SFU puts in place. As a result of
adding SFU to the backup AD server, the schema was effectively changed to use
SFU lookup. R2 does not understand the SFU schema.
Note: Even if you point your DNS to the R2 server, the lookup will still fail.

Active Directory output from the FM before correcting the lookup schema to
use SFU:

    fm1# /usr/local/ibrix/bin/ibrix_activedirectory -l
    Domain Name : production.ibrixdomain.local
    Domain Server IP : 10.10.0.4
    Proxy User Name : production\IBRIX
    Proxy User Password : ************************
    Default Windows User Name : IBRIX
    UID Field Name : uidNumber <----------
    GID Field Name : gidNumber <------

Note: These values are for the win2003 R2 AD schema and not the SFU schema,
which is now enforced due to the mistake.

FM command to redefine these values to get AD to work with the SFU schema on
an R2 AD server, or vice versa if needed:

    ibrix_activedirectory -c -d DOMAIN_NAME -i DOMAINCONTROLLER_IPS -u PROXY_USER -p PROXY_PASSWORD -W WINUSERNAME -E UID_FIELD_NAME -F GID_FIELD_NAME
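
The mismatch described above can be checked offline by comparing the field names in the `ibrix_activedirectory -l` listing with the attributes the account actually carries. This is an added example, not part of the original article or the IBRIX tooling; the LDIF entry is constructed, and msSFU30UidNumber/msSFU30GidNumber are the attribute names SFU adds to AD (they do not appear in the article).

```python
import re

# R2 names appear in the article; the msSFU30* names are SFU's attributes (not on the page).
SCHEMAS = {"R2": ("uidNumber", "gidNumber"),
           "SFU": ("msSFU30UidNumber", "msSFU30GidNumber")}

# Field-name lines as shown in the article's `ibrix_activedirectory -l` output.
SAMPLE_LISTING = """\
Domain Name : production.ibrixdomain.local
UID Field Name : uidNumber <----------
GID Field Name : gidNumber <------
"""
# Constructed LDIF export of the account (assumed values, not from the article).
SAMPLE_LDIF = """\
dn: CN=domain_admin,CN=Users,DC=production,DC=ibrixdomain,DC=local
sAMAccountName: domain_admin
msSFU30UidNumber: 0
msSFU30GidNumber: 0
"""

def parse_pairs(text, sep):
    """Split 'key<sep>value' lines into a dict, dropping '<----' annotations."""
    pairs = {}
    for line in text.splitlines():
        key, found, value = line.partition(sep)
        if found and not line.startswith("#"):
            pairs[key.strip()] = re.sub(r"\s*<-+\s*$", "", value).strip()
    return pairs

def diagnose(listing, ldif):
    """Report whether the configured UID/GID field names exist on the entry."""
    cfg = parse_pairs(listing, " : ")
    attrs = {name.lower() for name in parse_pairs(ldif, ": ")}  # AD names are case-insensitive
    configured = (cfg.get("UID Field Name"), cfg.get("GID Field Name"))
    populated = [schema for schema, pair in SCHEMAS.items()
                 if all(a.lower() in attrs for a in pair)]
    match = all(c is not None and c.lower() in attrs for c in configured)
    suggestion = None
    if not match and populated:
        # Arguments for the article's `ibrix_activedirectory -c ... -E ... -F ...` command.
        suggestion = "-E {} -F {}".format(*SCHEMAS[populated[0]])
    return {"configured": configured, "populated": populated,
            "match": match, "suggestion": suggestion}

if __name__ == "__main__":
    print(diagnose(SAMPLE_LISTING, SAMPLE_LDIF))
```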
